A computer virus is a piece of computer program code that causes unexpected and usually undesirable events within a computer system. Some viruses are very harmful, erasing data or causing the computer's hard disk to require reformatting. A virus is often disguised as something else, and many are designed to be automatically spread to other computers. Viruses can be transmitted as attachments to an e-mail or as downloadable files.
File infector viruses typically attach themselves to program files, usually selected .COM or .EXE files although some viruses can infect any executable program. When the program is loaded, the virus is loaded as well. A file infector virus may arrive at a computer as a self-contained program or script sent as an attachment to an e-mail, or via an infected removable storage medium. System or boot-record infector viruses infect executable code found in certain system areas on a disk. They attach to the disk operating system (DOS) boot sector on diskettes or the Master Boot Record on hard disks, and can make the computer's hard disk temporarily unusable. Macro viruses are among the most common viruses, but tend to do the least damage. Macro viruses can infect an application, such as inserting unwanted words or phrases when using a word processing application.
Because computer viruses are so common, easily transmitted and potentially harmful, anti-virus software is vital to protect against viruses.
Existing anti virus software scans each file for all known viruses that can affect that type of file. If there are N identical files located on M systems within a local area network (LAN), despite the files being identical, each of these N files is scanned by the anti virus program running on the respective local systems.
Additionally, no history is currently maintained about the files which have been scanned to indicate whether the file had been found to be virus-free in the previous scan or not. Regardless of whether the file has been designated as virus-free in a first scan, the file will be re-scanned in subsequent executions of the antivirus software.
Taking regular backups uses a lot of storage space, time and bandwidth. If identical files on different machines are backed up, a copy of each file is maintained in the backup for each machine even though the files are identical. Backup copies may be made even when the file being copied has not changed since the last backup.
Developers of computer viruses often set out to identify and exploit vulnerabilities within computer programs such as operating systems, mail clients, Web servers and Web browsers. When software vendors become aware of a vulnerability, they often notify existing customers and provide program code for removing the vulnerability. The program code may be a code patch (typically small), a service pack (typically large, such as 100 MB) or a replacement version of the computer program. Each end user is typically required to check which operating system version (and/or other programs) they are running and to compare this with received information about vulnerable programs. Applying a patch or service pack to remove a vulnerability typically involves each user locating the patch or service pack (via mail or Web site searching), downloading the patch or service pack, installing the program code, and rebooting the computer system. If N patches are required, the above described sequence is repeated N times.
It is common for vulnerabilities to viruses to persist within large networks for an unacceptably long time, because removal of the vulnerability requires pro-active steps by many individuals. This exposure can be reduced by managers or the information technology (IT) department within an organisation carefully checking that action has been taken to resolve the vulnerability for all users' systems, but pro-active involvement of managers or IT service teams involves significant costs to the organisation.
The inventors of the present invention have identified the above issues, and the need for solutions that can mitigate one or more of the above-described problems.